Question: Audit CIS Case 1 An information system (IS) auditor was asked to review the alignment between information technology (IT) and business goals for Cachero, a
Audit CIS
Case 1
An information system (IS) auditor was asked to review the alignment between information technology (IT)
and business goals for Cachero, a small but rapidly growing financial institution. The IS auditor requested
information including business and IT goals and objectives; however, these were limited to a short, bulleted
list for business goals and PowerPoint slides used in reporting meetings for IT goals.
It was also found in the documentation provided that over the past two (2) years, the risk management
committee (composed of senior management) met on only three (3) occasions, and no minutes of what
was discussed were kept for these meetings. When the IT budget for the upcoming year was compared to
the strategic plans for IT, it was noted that several of the initiatives mentioned in the plans for the upcoming
year were not included in the budget for that year.
The IS auditor also discovered that Cachero does not have a full-time chief information officer (CIO). The
organizational chart of the entity denotes an IS manager reporting to the chief financial officer (CFO), who,
in turn, reports to the board of directors. The board plays a major role in monitoring IT initiatives in the entity,
and the CFO frequently communicates the progress of IT initiatives.
When the IS auditor reviewed the segregation of duties (SoD) matrix, it was apparent that application
programmers are only required to obtain approval from the database administrator (DBA) to directly access
the production data. It was also noted that the application programmers must provide the developed
program code to the librarian, who then migrates it to production. IS audits are carried out by the internal
audit department, which reports to the CFO at the end of every month, as part of the business performance
review process; the financial results of the entity are reviewed in detail and signed off by the business
managers for the correctness of data contained therein.
Questions:
1. In no more than five (5) sentences, discuss what should an IS auditor suggest regarding the
governance structure of Cachero.
2. The IS budgeting process should be integrated with business processes and aligned with
organizational budget cycles. What advice would the IS auditor give to the organization to ensure
the budget covers all aspects and can be accepted by the board? Discuss your answer in no more
than five (5) sentences
Step by Step Solution
There are 3 Steps involved in it
Get step-by-step solutions from verified subject matter experts
Study Help